Add the sanitization function for checkboxes

[Mirucon]

I think it would be nice if core has the sanitization function for checkboxes, like the text fields / hex ones.

[danieltj]

I'm not sure if that patch would work. Aren't checkbox values passed as on rather than set to true?

Might need a slight rework, although this would be very handy to implement for sure.

[Mirucon]

It should work, as checkboxes always return either true or false.

Try this to see what happens. This code will return the value of 'Display Site Title and Tagline', you'll see that is boolean:

var_dump( get_theme_mod( 'display_header_text', true ) );

[swissspidy]

It should work, as checkboxes always return either true or false.

No. Checkboxes return whatever value you gave them. It can be anything. See ​https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input/checkbox#Value for example.

[Mirucon]

Ahh yes, that is the why this sanitization function is needed. There's no reason to be anything since it is a checkbox. It should only be representing on or off.

So, should the checkboxes on theme customizer return true / false, or on / off?

[danieltj]

Recently I've worked with plugin settings and the checkbox values always return on for checked and false (nothing) for unchecked, so I'd say that we should be checking to see if it is on and if not, then consider it off/unchecked.

[danieltj]

Filters the value for checkbox and radio elements.

[danieltj]

Whilst writing the above patch it occurred to me that we could fix two issues in one here. Checkbox and radios behave in the exact same way (apart from only one radio can be selected) so I've implemented a method that includes radios as well. Should return the sanitized value as is now using said function.

Thanks for the heads up on that one @swissspidy!

[SergeyBiryukov]

As noted above, checkboxes and radios can have custom values, they're not really different from text fields in that regard, so sanitize_text_field() can be used on them.

41810.2.diff​ looks correct to me, I guess the question is whether a wrapper like this with a semantic name specific to checkboxes and radios is really needed. I don't have a strong opinion at the moment.

[Mirucon]

I've seen several sanitization functions for checkboxes, but they are returning only true or false.

​https://github.com/WPTRT/code-examples/blob/master/customizer/sanitization-callbacks.php#L12

​https://divpusher.com/blog/wordpress-customizer-sanitization-examples#check

I personally think checkboxes do not need to have custom values and they should only be true or false, since they are usually used for switching something, like switch to whether displaying tagline or not.

For the radio boxes / select options, we should have like this function, so that only the given choices can be used. ​https://github.com/WPTRT/code-examples/blob/master/customizer/sanitization-callbacks.php#L262

[knutsp]

Checkboxes return string values when checked, and nothing when unchecked. The returned value is determined by the value attribute. When no value attribute is set, the default is the string 'on'.

[rabmalin]

I guess the question is whether a wrapper like this with a semantic name specific to checkboxes and radios is really needed. I don't have a strong opinion at the moment.

Agree. I dont think we need such wrapper function.

[nikolov.tmw]

I personally think checkboxes do not need to have custom values and they should only be true or false, since they are usually used for switching something, like switch to whether displaying tagline or not.

Except for, there are situations where checkboxes need to save their custom values. For example, you can use checkboxes to select what filters will available in a search form - "categories", "tags", "months"(yes, not the best example, but should get the point across). Checkboxes are not only on or off.

[danieltj]

Reviving this ticket. After the discussion above, I think it's worth closing this as sanitize_text_field() works fine for check boxes as it is. I don't think a wrapper function is needed here. Suggest closing.